



**Fig. 1A**  
**(Prior Art)**



**Fig. 1B**  
**(Prior Art)**



**Fig. 2A**  
**(Prior Art)**



**Fig. 2B**  
**(Prior Art)**



Fig. 3



Fig. 4



Fig. 5A



Fig. 5B



**Fig. 6**

10 / 73



Fig. 7A



Fig. 7B



Fig. 7C

12 / 73



Fig. 7D

13 / 73



**Fig. 8A**

14 / 73



**Fig. 8B**



Fig. 9A



Fig. 9B

17 / 73



Fig. 10A

18 / 73



Fig. 10B

19 / 73



Fig. 11A

1100B



Fig. 11B



Fig. 12A



Fig. 12B

23 / 73



Fig. 13A



Fig. 13B



Fig. 14A



Fig. 14B



Fig. 15

THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE  
IN THE RAM 1620

BIOS CODE PERFORMS POWER ON SELF TEST (POST) 1625

ACCESSING THE SECURITY HARDWARE 1630

OPTIONALLY ENTER BIOS MANAGEMENT MODE 1632

BIOS CODE LOOKS FOR ADDITIONAL BIOS CODE, SUCH AS VIDEO @ C000h  
AND ATA/IDE HARD DRIVE BIOS CODE @ C800h, AND DISPLAYS A START-UP  
INFORMATION SCREEN 1635

BIOS CODE PERFORMS ADDITIONAL SYSTEM TESTS, SUCH AS THE RAM  
COUNT-UP TEST, AND SYSTEM INVENTORY, SUCH AS IDENTIFYING COM  
AND LPT PORTS 1640

BIOS CODE IDENTIFIES PLUG-N-PLAY AND OTHER SIMILAR DEVICES AND  
DISPLAYS A SUMMARY SCREEN 1645

CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650

BIOS CODE IDENTIFIES THE BOOT LOCATION 1655

BIOS CODE CALLS THE BOOT SECTOR CODE TO BOOT THE COMPUTER  
SYSTEM 1660

**Fig. 16A**



**Fig. 16B**

1600C



Fig. 16C



Fig. 16D

32 / 73



Fig. 16E



1600G



Fig. 16G

35 / 73



**Fig. 17A**

**Fig. 17B**



**Fig. 17C**

**Fig. 17D**



**Fig. 18A**  
**PRIOR ART**



**Fig. 18B**

37 / 73



Fig. 18C

38 / 73



Fig. 19A



40 / 73



Fig. 19C



Fig. 20A



Fig. 20B



Fig. 20C



Fig. 20D



**Fig. 21**

44 / 73



Fig. 22

**Fig. 23**

46 / 73



Fig. 24



**Fig. 25A**



Fig. 25B

3610A



Fig. 26



Fig. 27



**Fig. 28**  
**(Prior Art)**

4000A



Fig. 29A



Fig. 29B



Fig. 29C



Fig. 29D

54 / 73



Fig. 29E

4100A



Fig. 30A

4100B



Fig. 30B





Fig. 31B

A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A DEVICE IN THE COMPUTER SYSTEM AND RECORDS THE GUID IN A GUID TABLE DURING A TRUSTED SET-UP 4305

A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE COMPUTER SYSTEM WITH THE KNOWN GUID 4310

A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE COMPUTER SYSTEM WITH THE KNOWN GUID 4315

THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST WITH THE REQUESTED DATA AND A RESULT OF A HASH USING THE GUID AND THE NONCE OR RANDOM NUMBER OR THE RESULT OF THE HASH 4320A

THE RESULT OF THE HASH USING THE GUID AND THE NONCE OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE HASH 4325

SAME?

4330

NO  
REJECT THE TRANSMITTED DATA OR DO NOT SEND THE DATA 4335

YES

ACCEPT THE TRANSMITTED DATA AS THE REQUESTED DATA OR SEND THE DATA 4340A

Fig. 32A



Fig. 32B



Fig. 32C



Fig. 33

63 / 73

4500

THE DEVICE OR THE MASTER DEVICE INITIATES A REQUEST FOR THE DEVICE TO LEAVE THE COMPUTER SYSTEM 4505

THE DEVICE AND THE MASTER DEVICE AUTHENTICATE EACH OTHER USING THE GUID AND/OR THE SYSTEM GUID IN RESPONSE TO THE REQUEST FOR THE DEVICE TO LEAVE THE COMPUTER SYSTEM 4510

THE DEVICE RESETS THE INTRODUCED BIT IN RESPONSE TO THE DEVICE AND THE MASTER DEVICE SUCCESSFULLY AUTHENTICATING EACH OTHER 4515

**Fig. 34**

4600

THE DEVICE RECEIVING A COMMAND FOR THE DEVICE TO LEAVE THE COMPUTER SYSTEM 4605

THE DEVICE RECEIVING A MAINTENANCE KEY THAT SUCCESSFULLY AUTHENTICATES 4610

THE DEVICE RESETS THE INTRODUCED BIT IN RESPONSE TO THE DEVICE RECEIVING THE MAINTENANCE KEY THAT SUCCESSFULLY AUTHENTICATES 4615

**Fig. 35**

64 / 73



Fig. 36

65 / 73

4800

TRANSMIT A MASTER MODE SIGNAL TO BUS INTERFACE LOGIC CONNECTED BETWEEN MASTER MODE LOGIC AND A DATA INPUT DEVICE, WHERE THE BUS INTERFACE LOGIC INCLUDES A MASTER MODE REGISTER

4805

SET A MASTER MODE BIT IN THE MASTER MODE REGISTER(S) TO ESTABLISH SECURE TRANSMISSION CHANNEL BETWEEN THE MASTER MODE LOGIC AND THE DATA INPUT DEVICE OUTSIDE THE OPERATING SYSTEM OF THE COMPUTER SYSTEM 4810

THE MASTER MODE LOGIC AND THE DATA INPUT DEVICE EXCHANGE DATA OUTSIDE THE OPERATING SYSTEM OF THE COMPUTER SYSTEM THROUGH THE BUS INTERFACE LOGIC(S) THAT INCLUDE THE MASTER MODE REGISTER 4815

THE MASTER MODE LOGIC FLUSHES THE BUFFERS OF THE BUS INTERFACE LOGIC(S) THAT INCLUDE THE MASTER MODE REGISTER AFTER CONCLUDING THE DATA TRANSMISSIONS 4820

THE MASTER MODE LOGIC SIGNALS THE BUS INTERFACE LOGIC(S) TO UNSET THE Maser MODE BITS AFTER FLUSHING THE BUFFERS OF THE BUS INTERFACE LOGIC(S) THAT INCLUDE THE MASTER MODE REGISTER  
4825

Fig. 37

TOP SECRET//SI//EYES ONLY



Fig. 38A

THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE  
4920

↓  
ACCESSIONG THE SECURITY HARDWARE 4930

OPTIONALLY ENTER BIOS MANAGEMENT MODE 4932

REQUEST AUTHENTICATION FROM THE SECURITY HARDWARE USING  
MASTER MODE 4935B

PLACE BUS INTERFACE LOGICS IN MASTER MODE 4938

RECEIVE AUTHENTICATION DATA WHILE IN MASTER MODE 4940

EXIT MASTER MODE AND FLUSH BUFFERS 4942

VERIFY AUTHENTICATION DATA 4944

↓  
VERIFIED?

4948

YES

NO

↓  
CONTINUE BOOT PROCESS 4990

Fig. 38B



Fig. 39A

69 / 73



Fig. 39B



Fig. 39C



Fig. 40A

71 / 73

5100B



Fig. 40B



Fig. 41

73 / 73



**Fig. 42A**



**Fig. 42B**